Financial framework

An increasingly competitive market is forcing local banks to create services that build loyalty with existing customers and attract new ones. However, none of these initiatives will work unless finance houses invest in the networks required to underpin them.

By Simon Duddy, published April 8, 2004

Banks and financial institutions in the Middle East have been investing in network infrastructures and the components required to build new delivery channels for some time. The motivation for this investment has been two-fold — to take advantage of the cheaper operating costs of keeping customers away from branches, and to reel in and retain new clients.

“Banks, like many other organisations, are looking for new marketing ideas to attract and retain their customers. That is why an IT strategy is now a must for banks as most of them will propose online services accessible from any phone, PDA, computer or contact centre,” says Stanilas de Boisset, technical manager, 3Com.

“This requires proper planning in the IT department as it will generate a big increase in network traffic and expose their systems to possible intrusions. Moreover, users will require access at any time of the day,” he adds.

In offering mission-critical applications over multiple channels, banks and financial institutes are among the organisations that place the highest priority on maximum uptime, resilient infrastructures and processes. Stable operations are required 24 hours a day, seven days a week in order to fulfil obligations to customers.

To attain high availability, banks need to invest in the latest generation of non-stop infrastructure products, including best-of-breed firewalls, premise routers, load balancers and web servers. “In order to get access to information 24x7, banks need to design their network in a fully resilient way from server connectivity to internet access through to the cabling infrastructure,” says de Boisset. Fault-tolerance has to be one of the most important features of network components for this reason.

Take capacity planning for the increase in network traffic arising from the additional channels. Here, it is necessary to establish the number of web servers required; this in turn requires testing and monitoring at different user loads to ensure web servers will be able to handle peak rate flows. Load balancers decide which server will deal with which request as it comes in, and enable the addition of more web servers as they are needed. Software-based load balancers are sometimes referred to as traffic managers, to distinguish them from the older hardware versions. Most technologies thus have load balancing.

Fault tolerance ensures that if one load balancer fails, a second will take over and accept new connections. To have any degree of front end fault tolerance, end users need two load balancers. Load balancers also detect back end failures, interrupting the sending of requests to the failed server until it recovers. All load balancers do this, but only if they buffer the request up can they also re-send requests. NAT-based balancers, for example, won’t do buffering, making them undesirable for banks’ mission critical applications.

As simple fault tolerance loses the currently active connection, fault-tolerant router features should include truly hot standby processors that permit instantaneous changeover to a backup device without interrupting services, even if an unexpected failure occurs. Routers need mirrored routing sessions and information states, and packet forwarding tables that can be swapped in tens of milliseconds. Firewalls likewise need to be constantly on hot standby.

“Today, banks use firewalls in a resilient way, along with several other security appliances. Tomorrow they will have to consider consolidating these security appliances to work in parallel, in order to optimise access to information, reduce processing time and centralise the management of their security policy. 3Com is launching such an advanced box. It will simplify resiliency of applications and security for banks,” says de Boisset.

It is significant that the Bank of International Settlements (BIS), the Central Banks’ Central Bank, has recognised the risks inherent in e-banking by issuing papers from the Electronic Banking Group (EBG) of the Basel Committee on Banking Supervision. As the BIS expresses it, management supervision should include approval and review of the bank’s security control process, development and maintenance of security control infrastructure, and safeguarding of the e-banking systems and data from internal and external threats. Response mechanisms cover business continuity, contingency planning and their attendant communications strategies.

Prior to engagement in cross-border e-banking activities, a banking institution should conduct appropriate risk assessment and due diligence. It needs to establish an effective risk management programme for these activities. “Today resiliency is mandatory for banks, but the new requirement for them of going online brings risks with it,” says de Boisset.

Habib Bank AG Zurich’s highly secure internet banking service, HBZweb, allows everything from paying DEWA bills to transferring money worldwide. The bank was also the first in the United Arab Emirates to offer e-letters of credit on-line. “Habib Bank values the premium required to create a redundant network. A combination of leased, ISDN and VPN solutions are in place for any contingency,” says Amer Farid, assistant vice president, Habib Bank AG Zurich.

“Security is not considered a single element at Habib Bank that resides somewhere on the network, like a firewall. It is a design principle for all tiers and layers of the application, the required software infrastructure and the physical infrastructure. In short, it is integrated security across the board,” he explains.

Apart from the basic tools, such as passwords, encryption and firewalls, banks and finance houses need to explore more advanced forms of security around access rights, authorisation and authentication, in addition to better systems for managing existing resources. There is no common roadmap or consensus on what constitutes good security, but there must be a current and flexible security policy that is enforced at the highest levels.

Some sort of disaster recovery and continuity planning are thus imperative for Middle East banks, and there are various options. One solution is to install Gigabit Ethernet switches that work as a single high-performance, high-availability distributed switching fabric, with no single point of failure.

“The servers will have dual homing to resilient core switches which themselves can be hosted in a different location/building. Every core switch will then require a resilient link to the internet, a solution would be multiple service providers – such as a leased line and satellite line,” explains de Boisset. “Large banks must have a disaster recovery building able to handle the bank’s operations without disruption for the users. The only non-resilient part would remain the human,” he continues.

Oman Arab Bank (OAB), for example, has rolled out a disaster recovery infrastructure that both protects against unplanned downtime and acts as its core-banking network. A customised local area network (LAN) and wide area network (WAN) integrate with IBM iSeries and xSeries servers to facilitate disaster recovery and failover capabilities. The bank’s network of ATMs, for example, is connected to two IBM servers in case one fails. OAB is also looking to leverage its investment by introducing wireless and content switching capabilities to its e-business application.

“Linking the IBM iSeries/MIMIX solution to the disaster recovery site provides a perfect platform to offer retail and corporate customers a wide range of new services, such as internet, extranet and intranet-based services, where the need to access up-to-date information is of paramount importance,” says Hassan Abdel-Ali, IT consultant to the CEO at OAB.

An essential part of a multiple channel strategy is being able to manage the networks that new channels run over. “Network availability and performance monitoring is critical for banks. While availability is generally well managed, performance is somewhat more complex,” says Paul Arthur, director of BMC Software’s ESM business unit.

To manage network performance, Arthur believes the important indicators to consider are network resource indicators, the quality of architecture and physical fault indicators, and also response time indicators. Network resource indicators diagnose the use of internal resources and network nodes, such as buffer problems, memory load, CPU load, congestion on a Frame Relay network or cells dropped on an ATM network, IP VPN tunnel failures and the amount of disk space used on a server. Quality of architecture and physical fault indicators diagnose the status of the physical infrastructure of the network and the quality of the physical support access modules.

“Monitoring these metrics and their evolutions enables one to foresee performance problems caused by using up one of the resources,” says Arthur. “These indicators can show a bank’s administrators that there is a need to remodel the network, which is the case when collisions are involved, and a high number tend to evolve quickly, showing a need for re-segmentation of the LAN, whereas others indicate the malfunctioning of devices — physical errors due to used cables or cards, defective MAUs or modems,” he explains.

The indicators each represent a node on the network and will have to be processed to contribute to an overall view of the network. Advanced software can then provide a correlation between end-to-end response times and network data so as to identify the metric, if any, that is responsible for the response time increase.

“The measurement of response time, from one end to the other, can be done thanks to proxy technology. This is the slowness felt by the user. The response time can be application-oriented, meaning the total time to run a command in a client-server application, or purely network-oriented,” says Arthur.

The need to monitor and respond to network performance and fault recovery doesn’t stop outside the bank’s premises. As a matter of necessity, banks and financial institutes are establishing Service Level Agreements (SLAs) with all the third-party vendors that operate their infrastructure, be it data communication service providers, ISPs or web hosting companies.

Dependency on the internet for trafficking critical data and executing customer demands means that banks demand the same high level of availability from the carrier’s IP network infrastructure as they get from their telephony services and leased line networks. The benchmark for service availability is today’s Public Switched Telephone Network (PSTN), which delivers 99.999%, or the ‘five nines’ of network availability. This translates into a maximum of five minutes of downtime per year.

Banks need to ensure their providers’ networks have the appropriate level of QoS based on both fault prevention and network performance. Multi-protocol label switching (MPLS) is a traffic segmentation technology that defines Quality of Service (QoS). It increases network performance by enabling providers to offer different classes of services. However, despite these advances and the existence of SLAs, banks must still monitor and manage the service provider and its connections.

“This is definitely something we recommend. The SLA reports provided by service providers do not always include all the relevant indicators to estimate the QoS, for example the level of drops or the recolorised packets in case of a CBQoS implementation. Being able to monitor the QoS independently is definitely the way to check the QoS and SLA adherence and, ultimately, ensure that the bank can deliver its services,” says Arthur.
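
The independent SLA check described above, as an added example that is not part of the original article or of any vendor's product: it turns a bank's own probe results into availability, loss and response-time figures and compares measured downtime with the five-nines budget for the same window. The probe tuple format `(timestamp, ok, rtt_ms)`, the 10-second interval and the sample data are constructed assumptions.

```python
from datetime import datetime, timedelta

FIVE_NINES = 0.99999  # PSTN availability benchmark quoted in the article

def downtime_budget(window, target=FIVE_NINES):
    """Downtime that the availability target permits within the window."""
    return window * (1 - target)

def outages(probes, interval):
    """Merge consecutive failed probes into (start, duration) outages.
    Assumption: each failed probe counts as one full interval of downtime."""
    found, start, run = [], None, 0
    for ts, ok, _rtt in probes:
        if not ok:
            start = ts if start is None else start
            run += 1
        elif start is not None:
            found.append((start, interval * run))
            start, run = None, 0
    if start is not None:  # outage still open at the end of the window
        found.append((start, interval * run))
    return found

def sla_report(probes, interval, target=FIVE_NINES):
    """Summarise availability, loss and response time from our own probes."""
    window = interval * len(probes)
    down = sum((d for _, d in outages(probes, interval)), timedelta())
    rtts = sorted(rtt for _, ok, rtt in probes if ok)
    budget = downtime_budget(window, target)
    return {
        "availability": 1 - down / window,
        "downtime": down,
        "budget": budget,
        "loss_rate": sum(not ok for _, ok, _ in probes) / len(probes),
        "p95_rtt_ms": rtts[int(0.95 * (len(rtts) - 1))] if rtts else None,
        "breach": down > budget,
    }

def sample_probes():
    """Constructed data: one hour of 10-second probes with two outages."""
    t0 = datetime(2004, 4, 8, 9, 0, 0)
    failed = {100, 101, 102, 200}
    return [(t0 + timedelta(seconds=10 * i), i not in failed,
             None if i in failed else 20.0 + i % 7) for i in range(360)]

if __name__ == "__main__":
    report = sla_report(sample_probes(), timedelta(seconds=10))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Over a full year the same budget function gives roughly 315 seconds, the "five minutes" figure in the text, so a single 40-second outage in one hour already exceeds the hourly share many times over.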
